38 C
Monday, July 22, 2024

Creating two way Transitive Trust in Windows Server

Let’s see how to build a “Two way Transitive Trust” . You need to have a proper DNS resolution working two way.

There are different types of trusts, “Two way Transitive Trust“ is the most used and less complicated trust where both the organizations will have all the permissions over the organizations. It doesn’t fit all the scenarios. But most of them.

This will be the Initial Step if your going to do a cross forest migration between two messaging environments or migrate your Active Directory into single domain or coexist to share permissions between two forest.

Source domain – sourceazure365pro.com

Target Domain – targetazure365pro.com

Open Active Directory Domains and Trusts.

Start – Administrative Tools – Active Directory Domains and Trusts


Click on “New Trust”


Am Typing the “Netbios” or root the domain name name of the Target forest


Click on Forest Trust


Click on “Two-way” as we are going to setup – Two way Transitive Trust


Click on “Both this domain and the Specified domain”


Type the Target domain Administrator Credentials




Click on “Forest-Wide Authentication”

Outgoing Trust Authentication Level – Local Forest


Outgoing Trust Authentication Level – Specified Forest



In the confirm outgoing trust, choose Yes, Confirm the outgoing trust option. Click Next.

In the confirm incoming trust, choose Yes, Confirm the incoming trust option. Click Next.

Choose Yes

The trust relationship has been created successfully in this domain controller. Click Finish.

You can now view the trust relationship from the trusts tab as shown above

You can test by sharing the folder from source domain to target domain or vice versa. Assigning permission to users located from the other side of the forest.

You can see the trusts has been created


After Creation “ Click on Validate to verify the Trusts”


Enter the Target domain Credentials


Its always good to validate the trusts , as a confirmation , that we did the right thing


Choose Yes


Now you can see the Trusts populated in the target domain


Two way transitive Trusts between domains is valid and active now.

Satheshwaran Manoharan
Satheshwaran Manoharanhttps://www.azure365pro.com
Award-winning Technology Leader with a wealth of experience running large teams and diversified industry exposure in cloud computing. From shipping lines to rolling stocks.In-depth expertise in driving cloud adoption strategies and modernizing systems to cloud native. Specialized in Microsoft Cloud, DevOps, and Microsoft 365 Stack and conducted numerous successful projects worldwide. Also, Acting as a Technical Advisor for various start-ups.

Related Articles


  1. Hello,

    After proceeding with your steps at the final stage i get Cannot logon error between domains
    Is there something i miss? Also when i follow your instructions i dot see the windows showed in images 9 and 10.

    Both of my servers run under:
    Windows server 2008 r2 enterprise
    Exchange server 2010 sp1

    All I want to move the users from first server to my newly installed server. If there is another way for moving all the accounts from source server to destination server would save me a lot of time asking experts will help me a lot thanks 🙂

  2. Hi, Can you please confirm what are the Ports/Network pre-requisites for establishing Firest trust between 2 domains.


Please enter your comment!
Please enter your name here

× How can I help you?